FLOOR OTC

Security checks across malware telemetry and agentic risk

Overview

This crypto trading skill is not malicious, but it needs review because it can create escrow trades and submit signed market orders without clear confirmation safeguards or fully scoped server-key trust assumptions.

Review before installing. Use this only with explicit human approval for any trade, escrow, token approval, or signed-order submission. Verify chain, token addresses, amounts, fee, recipient, order expiry, and approval target before signing, and do not allow autonomous agents to call `execute_trade` or `submit_signed_trade` without strict limits and confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The manifest makes strong trust-minimizing claims like 'no admin keys' and 'no middleman', yet the authentication note states the escrow path requires the A2A server to hold a PRIVATE_KEY for the escrow creator role. That creates a hidden trusted component and contradicts the advertised security model, which can mislead users and integrators into granting trust they would not otherwise give.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill presents `execute_trade` as a simple API call but does not place a clear warning at the point of use that it initiates an on-chain escrow flow with real asset movement and protocol fees. In an agent context, this can cause unintended transactions or user surprise, especially because the document also states 'No authentication required,' making invocation look low-risk when it is economically consequential.

Missing User Warnings

Medium
Confidence: 88%
Finding
The manifest presents trade execution as a normal skill action without prominently warning that it can initiate on-chain escrow activity, incur fees, and involve irreversible blockchain state changes. In an agent context, missing transactional risk warnings increase the chance of uninformed or automated asset-moving actions that users did not fully intend.

Missing User Warnings

Medium
Confidence: 91%
Finding
The signed-order relay flow forwards user-signed order data to CoW Protocol, which can result in a live executable order, but the manifest does not clearly warn about that external submission or the market execution consequences. In a trading skill, this omission is especially risky because signed payloads are highly sensitive and their submission can directly expose funds to execution under the signed terms.

Missing User Warnings

Medium
Confidence: 90%
Finding
The manifest notes that the server must have a PRIVATE_KEY configured for the escrow creator role, but it provides no accompanying warning about secret handling, hot-wallet risk, or compromise impact. Because this skill concerns token trading and escrow creation, inadequate disclosure around credential custody materially increases operational and theft risk if deployers treat it as low-trust infrastructure.

VirusTotal

64/64 vendors flagged this skill as clean.